BrazilFW Webadmin from the Internet
In this tutorial I will demonstrate how to securely access BrazilFW Webadmin from the outside Internet using PuTTY and SSH.
DO NOT open up Brazil firewall WWW access to the WAN interface. You are asking for big time trouble.
Start PuTTY and fill in the WAN IP adresss of your firewall. If you have a dynamic IP then you will probably want to use an IP service like NO-IP or dynDNS to associate your IP to a domain name. There is an addon called ipupdate that supports a few of these services.
For a more secure access see Public Key encryption for BrazilFW SSH
Simply connecting to the SSH port will get you to the console only. To use Webadmin you need to create a tunnel from your PC to BrazilFW. This is called SSH port forwarding in the PuTTY documentation. Worth reading.
In the left hand side of the PuTTY form click SSH and then Tunnels. In the source port field enter the port your PC will listen on. 8180 is good. In destination enter the IP address and port Webadmin is listening on. This is 192.168.0.1:8180 for a standard BrazilFW install. Click Add then Open to start the SSH session.In your browser http://127.0.0.1:8180 will start Webadmin.
You can add more of these port forwards. If there is a Web server (or other) on your BrazilFW LAN you can access it too. This is shown above as 192.168.0.25:80.There is an option to have your PC forward traffic from other PCs at your location to the BrazilFW LAN. This is called local port forwarding. Click inside the box Local posts accept connections from other hosts. If you choose this option others must use your local IP address to access this forwarding. e.g. http://n.n.n.n:8180Be warned that choosing this option opens your forwarded ports to anyone that can connect to your PC via TCP/IP.
Now that you have an open connection it is possible to copy files to/from BrazilFW without having an FTP server loaded.
The command line program pscp.exe is supplied in the PuTTY package. This is not for you if you are a drag-and-drop only guy. See the documentation for all the options available. Everytime you execute a command it will ask for the password.Here is an example where I copy the Webadmin logo to my PC:
pscp root@216.252.nn.nnn:/var/http/htdocs/logo.png C:\temp\logo.pngAfter modifying the logo I put it back to where it was:
pscp C:\temp\logo.png root@216.252.nn.nnn:/var/http/htdocs/logo.pngText files that were edited and saved on a Windows PC will not be in a UNIX format when you copy them to BrazilFW. This is the case for scripts and they must be converted to the UNIX format with the command dos2unix -u filenameTOconvert.Failure to do this will really screw things up.
DISCLAIMER: The following instructions come with no warranty. Use at your discretion and risks. I am not responsible for its misuse, damages, or losses that can be caused directly or indirectly. It is assumed that you practice safe computing and take backups before making changes.
It is presumed the reader has the skills set for the usage of PuTTY and the manipulation of Brazil Firewall.
Get PuTTY
For support use the Brazil Firewall forums so everyone can share the information.
copyright for the writing. The ideas and code are free. Robert Bonomo